aws-solutions/network-orchestration-for-aws-transit-gateway

Removing Subnet from TGW Attachment results in VPC default route being removed

gfawcett22 opened this issue · 2 comments

Describe the bug

If a VPC has multiple subnets attached to the TGW via the Attach-to-tgw tag and one of the tags is removed to remove a single subnet, the default route for the VPC is removed even though additional subnets are still attached to the TGW.

To Reproduce

  1. Create a VPC with subnets in multiple AZs
  2. Attach multiple subnets to the TGW via the Attach-to-tgw tag
  3. Verify there is a default route of 0.0.0.0/0 in the VPC route table and multiple subnets are attached to the TGW.
  4. Remove the Attach-to-tgw tag from a single subnet
  5. Notice there are still subnet(s) attached to the TGW, but there is no default route in the VPC route table and the subnets attached could not route to the TGW.

Expected behavior

Default Route is only removed when all subnets are detached.

Please complete the following information about the solution:

  • [ v3.1 ] Version: [e.g. v1.0.0]

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0009) - The AWS CloudFormation template for deployment of the aws-centralized-logging. Version v1.0.0". You can also find the version from releases.

  • [ us-east-2 ] Region: [e.g. us-east-1]
  • [ No ] Was the solution modified from the version published on this repository?
  • If the answer to the previous question was yes, are the changes available on GitHub?
  • [ Yes ] Have you checked your service quotas for the services this solution uses?
  • [ No ] Were there any errors in the CloudWatch Logs? How to enable debug mode?

Screenshots
If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context
The error is being caused here in the vpc_handler. I'm wondering if self.event.get("Action") == "RemoveSubnet" should not be there.

Thanks for opening this issue. We are investigating this issue.

In v3.1 we do not support changes to the main route table. By design we remove the routes from the explicit route table associated with the subnet where the user deletes the "Attach-to-tgw" tag.

This is a valid behavior for the subnets associated with a single main route table.
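Added example (not the solution's own vpc_handler code) that models the case from the report and the maintainer's reply: two subnets share one main route table and one of them loses its Attach-to-tgw tag. The naive handler drops 0.0.0.0/0 on any RemoveSubnet action; the checked variant first confirms that no other tagged subnet still uses that route table. Subnet and route table IDs, the tag value and the event shape are constructed.

```python
"""Model of the route-table clean-up decision in a TGW attachment handler.

Constructed example, not the solution's code: several subnets share one
route table and one of them loses its Attach-to-tgw tag.
"""
from dataclasses import dataclass, field

TGW_TAG = "Attach-to-tgw"
DEFAULT_ROUTE = "0.0.0.0/0"


@dataclass
class Subnet:
    subnet_id: str
    route_table_id: str
    tags: dict = field(default_factory=dict)


@dataclass
class RouteTable:
    route_table_id: str
    routes: set = field(default_factory=set)


def remove_subnet_naive(event, subnets, tables):
    """Behaviour described in the issue: any RemoveSubnet action deletes
    the default route from the subnet's route table, regardless of who
    else still relies on it."""
    subnet = subnets[event["SubnetId"]]
    subnet.tags.pop(TGW_TAG, None)
    if event.get("Action") == "RemoveSubnet":
        tables[subnet.route_table_id].routes.discard(DEFAULT_ROUTE)


def remove_subnet_checked(event, subnets, tables):
    """Hardened variant: delete the default route only once no other
    subnet sharing the same route table is still tagged for the TGW."""
    subnet = subnets[event["SubnetId"]]
    subnet.tags.pop(TGW_TAG, None)
    still_attached = [s for s in subnets.values()
                      if s.route_table_id == subnet.route_table_id
                      and TGW_TAG in s.tags]
    if event.get("Action") == "RemoveSubnet" and not still_attached:
        tables[subnet.route_table_id].routes.discard(DEFAULT_ROUTE)


def scenario(handler, untag=("subnet-a",)):
    """Two tagged subnets in one shared (main) route table; untag the
    given subnets in turn. Returns True if 0.0.0.0/0 survived."""
    tables = {"rtb-main": RouteTable("rtb-main", {DEFAULT_ROUTE, "10.0.0.0/16"})}
    subnets = {
        "subnet-a": Subnet("subnet-a", "rtb-main", {TGW_TAG: "true"}),
        "subnet-b": Subnet("subnet-b", "rtb-main", {TGW_TAG: "true"}),
    }
    for sid in untag:
        handler({"Action": "RemoveSubnet", "SubnetId": sid}, subnets, tables)
    return DEFAULT_ROUTE in tables["rtb-main"].routes
```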